[Resolvido] &nbspPagina que se abre sozinha

wings · Setembro 4, 2010

OK...

1.

*Baixe o Avenger e salve-o no desktop

*Extraia para o desktop

*Execute o Avenger

*Copie o código:

Files to delete:
C:\Windows\System32\yeearmdc.exe

C:\Windows\System32\mscac-ocd.dll

C:\Windows\System32\mswan-oce.dll

C:\Windows\¬úZ

*Clique [Load Script] > [Paste from Clipboard]

*Clique [Execute] > [OK]

*O PC será reiniciado

*Cole o relatório C:\avenger.txt

Lucas F. dos Santos · Setembro 5, 2010

Logfile of The Avenger Version 2.0, © by Swandog46

http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.

Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.

No rootkits found!

File "C:\Windows\System32\yeearmdc.exe" deleted successfully.

File "C:\Windows\System32\mscac-ocd.dll" deleted successfully.

File "C:\Windows\System32\mswan-oce.dll" deleted successfully.

File "C:\Windows\¬úZ" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Não deu certo continua aparecendo.

wings · Setembro 5, 2010

Não deu certo continua aparecendo.

*Desative temporariamente seu antivírus

Clique com o botão direito do mouse no ícone do Avast ao lado do relógio > Selecione "Pausar a proteção residente" > Confirme.

*Baixe o ComboFix e salve-o no desktop

*Clique com o botão direito do mouse no Combofix e selecione "Executar como administrador"

*Aceite o contrato

*Aguarde a conclusão de todas as etapas

*Evite usar o mouse e o teclado durante a execução do Combofix!!..... Para interromper o procedimento tecle [N] ou [2] e depois [ENTER]

*Ao finalizar, o relatório C:\combofix.txt será apresentado.

*Cole-o na próxima resposta.

Lucas F. dos Santos · Setembro 6, 2010

ComboFix 10-09-06.03 - Adm 06/09/2010 20:04:39.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.960.337 [GMT -3:00]

Executando de: c:\users\Lucas\Desktop\ComboFix.exe

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\cleanup.exe

c:\windows\system32\vbzlib1.dll

C:\zip.exe

.

(((((((((((((((( Arquivos/Ficheiros criados de 2010-08-06 to 2010-09-06 ))))))))))))))))))))))))))))

.

2010-09-06 23:16 . 2010-09-06 23:16 -------- d-----w- c:\users\Lucas\AppData\Local\temp

2010-09-05 18:44 . 2010-09-05 18:44 -------- d-----w- c:\users\Adm\AppData\Roaming\VS Revo Group

2010-09-05 18:41 . 2009-12-30 15:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys

2010-09-05 18:41 . 2010-09-05 18:41 -------- d-----w- c:\program files\VS Revo Group

2010-09-05 18:38 . 2010-09-05 18:38 -------- d-----w- c:\users\Adm\AppData\Local\VS Revo Group

2010-09-05 15:11 . 2010-09-05 15:11 -------- d-----w- c:\program files\Firefox

2010-09-04 23:41 . 2010-09-04 23:41 574 ----a-w- C:\cleanup.bat

2010-09-04 16:39 . 2010-09-04 23:28 -------- d-----w- c:\program files\Pcsx2

2010-09-02 00:22 . 2010-09-02 00:22 -------- d-----w- c:\windows\system32\wbem\Logs

2010-08-29 15:15 . 2010-08-29 15:15 -------- d-----w- c:\users\Adm\AppData\Roaming\Malwarebytes

2010-08-29 15:14 . 2010-04-29 18:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-08-29 15:14 . 2010-08-29 15:14 -------- d-----w- c:\programdata\Malwarebytes

2010-08-29 15:14 . 2010-04-29 18:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-08-29 15:00 . 2010-08-18 20:19 52224 ----a-w- c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\03pus5y3.default\extensions\{f4c23ca5-ed6c-4376-80ad-62f9161a7286}\components\FFExternalAlert.dll

2010-08-29 15:00 . 2010-08-18 20:19 101376 ----a-w- c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\03pus5y3.default\extensions\{f4c23ca5-ed6c-4376-80ad-62f9161a7286}\components\RadioWMPCore.dll

2010-08-29 15:00 . 2010-08-18 20:11 52224 ----a-w- c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\03pus5y3.default\extensions\{9e877ee8-d8e8-48b0-84dd-06917f470dff}\components\FFExternalAlert.dll

2010-08-29 15:00 . 2010-08-18 20:11 101376 ----a-w- c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\03pus5y3.default\extensions\{9e877ee8-d8e8-48b0-84dd-06917f470dff}\components\RadioWMPCore.dll

2010-08-28 19:29 . 2010-08-28 19:29 -------- d-----w- c:\program files\Common Files\Symantec Shared

2010-08-28 19:11 . 2010-08-28 19:11 -------- d-----w- c:\programdata\Norton

2010-08-28 19:11 . 2010-08-28 19:11 -------- d-----w- c:\windows\system32\drivers\NSS

2010-08-28 19:11 . 2010-08-28 19:11 -------- d-----w- c:\program files\Norton Security Scan

2010-08-28 19:11 . 2010-08-28 19:25 -------- d-----w- c:\programdata\Symantec

2010-08-28 19:11 . 2010-08-28 19:11 -------- d-----w- c:\programdata\NortonInstaller

2010-08-28 19:11 . 2010-08-28 19:11 -------- d-----w- c:\program files\NortonInstaller

2010-08-28 00:47 . 2010-08-27 23:39 15880 ----a-w- c:\windows\system32\lsdelete.exe

2010-08-27 23:39 . 2010-08-27 23:37 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys

2010-08-27 23:39 . 2010-08-27 23:39 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2010-08-27 23:07 . 2010-08-27 23:07 -------- dc-h--w- c:\programdata\{52AC600B-5800-407E-99FF-83CD0669760B}

2010-08-27 23:07 . 2010-02-05 09:04 2954656 -c--a-w- c:\programdata\{52AC600B-5800-407E-99FF-83CD0669760B}\Ad-AwareInstaller.exe

2010-08-27 23:07 . 2010-08-27 23:39 -------- d-----w- c:\programdata\Lavasoft

2010-08-27 23:07 . 2010-08-27 23:08 -------- d-----w- c:\program files\Lavasoft

2010-08-27 15:35 . 2010-08-27 15:35 -------- d-----w- c:\users\Aline_2\AppData\Local\Google

2010-08-25 00:09 . 2010-04-07 07:10 571904 ----a-w- c:\windows\system32\oleaut32.dll

2010-08-24 23:20 . 2010-08-24 23:20 -------- d-----w- c:\programdata\CrystalIdea Software

2010-08-24 19:06 . 2010-08-24 19:06 -------- d-----w- c:\users\Aline_2\AppData\Roaming\gtk-2.0

2010-08-24 18:00 . 2010-08-24 18:00 -------- d-----w- c:\users\Aline_2\.thumbnails

2010-08-24 17:49 . 2010-08-24 17:49 -------- d-----w- c:\users\Aline_2\AppData\Roaming\Nero

2010-08-24 17:42 . 2010-08-24 17:42 -------- d-----w- c:\users\Aline_2\Office Genuine Advantage

2010-08-24 17:21 . 2010-08-24 17:22 -------- d-----w- c:\users\Aline_2\AppData\Local\Adobe

2010-08-23 17:36 . 2010-08-23 17:36 -------- d-----w- c:\users\Aline_2\AppData\Local\Ares

2010-08-23 13:44 . 2010-09-06 21:49 -------- d-----w- c:\users\Aline_2\Tracing

2010-08-22 21:05 . 2010-08-22 21:05 -------- d-----w- c:\users\Aline_2\AppData\Local\Mozilla

2010-08-22 15:43 . 2010-08-22 15:43 -------- d-----w- c:\programdata\Zylom

2010-08-22 15:43 . 2009-10-23 18:01 102400 ----a-w- c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll

2010-08-22 15:43 . 2006-11-29 17:44 161976 ----a-w- c:\programdata\Zylom\ZylomGamesPlayer\zylomgamesplayer.dll

2010-08-22 15:43 . 2010-08-22 15:43 -------- d-----w- c:\program files\Zylom Games

2010-08-21 21:47 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll

2010-08-21 21:47 . 2010-05-09 09:14 417792 ----a-w- c:\windows\system32\msdri.dll

2010-08-21 21:47 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll

2010-08-21 21:47 . 2009-09-26 05:58 194488 ----a-w- c:\windows\system32\drivers\fvevol.sys

2010-08-21 19:31 . 2010-09-03 21:18 -------- d-----w- c:\users\Aline_2\.gimp-2.6

2010-08-21 18:58 . 2010-08-21 18:58 -------- d-----w- c:\windows\system32\Wat

2010-08-21 18:51 . 2010-08-29 03:11 118656 ----a-w- c:\users\Aline_2\AppData\Local\GDIPFONTCACHEV1.DAT

2010-08-21 18:29 . 2010-08-21 18:29 -------- d-----w- c:\users\Adm\AppData\Local\Diagnostics

2010-08-17 14:26 . 2010-08-17 14:47 -------- d-----w- C:\MSNCleaner

2010-08-17 14:05 . 2010-08-17 14:05 -------- d-----w- c:\program files\AxBx

2010-08-16 22:50 . 2010-08-16 22:56 -------- d-----w- c:\program files\Spybot - Search & Destroy

2010-08-16 22:34 . 2010-08-16 22:34 0 ----a-w- c:\windows\nsreg.dat

2010-08-15 16:24 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr

2010-08-11 12:04 . 2010-06-16 05:48 224256 ----a-w- c:\windows\system32\schannel.dll

2010-08-11 12:04 . 2010-06-19 04:07 2326016 ----a-w- c:\windows\system32\win32k.sys

2010-08-08 01:22 . 2010-08-08 01:22 -------- d-----w- c:\program files\Pysycache

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-06 21:54 . 2009-07-14 08:31 657482 ----a-w- c:\windows\system32\prfh0416.dat

2010-09-06 21:54 . 2009-07-14 08:31 125874 ----a-w- c:\windows\system32\prfc0416.dat

2010-09-04 23:29 . 2010-05-01 16:03 -------- d-----w- c:\program files\Scpad

2010-09-03 11:08 . 2010-04-27 00:23 -------- d-----w- c:\program files\Microsoft Silverlight

2010-09-01 23:12 . 2010-07-16 22:49 -------- d-----w- c:\users\Alison\AppData\Roaming\gtk-2.0

2010-08-29 20:52 . 2010-04-16 06:50 118656 ----a-w- c:\users\Lucas\AppData\Local\GDIPFONTCACHEV1.DAT

2010-08-29 11:40 . 2010-04-19 23:04 118656 ----a-w- c:\users\Alison\AppData\Local\GDIPFONTCACHEV1.DAT

2010-08-29 00:01 . 2010-04-25 17:07 -------- d-----w- c:\users\Adm\AppData\Roaming\Nero

2010-08-28 22:42 . 2010-04-23 01:30 118656 ----a-w- c:\users\Adm\AppData\Local\GDIPFONTCACHEV1.DAT

2010-08-28 19:52 . 2010-04-22 22:52 -------- d-----w- c:\users\Adm\AppData\Roaming\gtk-2.0

2010-08-28 16:37 . 2010-04-21 22:25 -------- d-----w- c:\users\Lucas\AppData\Roaming\gtk-2.0

2010-08-21 18:58 . 2009-07-13 23:40 409088 ----a-w- c:\windows\system32\systemcpl.dll

2010-08-21 18:58 . 2009-07-13 23:36 13824 ----a-w- c:\windows\system32\slwga.dll

2010-08-21 18:58 . 2009-07-13 23:24 811520 ----a-w- c:\windows\system32\user32.dll

2010-08-19 22:56 . 2010-04-16 06:37 -------- d-----w- c:\programdata\Microsoft Help

2010-08-19 22:53 . 2010-04-16 06:41 -------- d-----w- c:\program files\Microsoft Works

2010-08-19 22:53 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild

2010-08-17 02:59 . 2010-05-03 22:14 -------- d-----w- c:\programdata\Messenger Plus!

2010-08-17 02:59 . 2010-05-03 22:13 -------- d-----w- c:\program files\Messenger Plus! Live

2010-08-16 22:34 . 2010-08-01 13:13 -------- d-----w- c:\programdata\NOS

2010-08-14 12:57 . 2010-04-29 00:12 -------- d-----w- c:\program files\Google

2010-08-14 01:02 . 2010-04-27 21:38 -------- d-----w- c:\program files\AutocompletePro

2010-08-14 00:57 . 2010-04-16 07:38 -------- d--h--w- c:\program files\InstallShield Installation Information

2010-08-06 18:52 . 2010-08-06 18:51 2568656 ----a-w- c:\programdata\NOS\Adobe_Downloads\install_flash_player.exe

2010-07-29 06:30 . 2010-08-11 12:05 197632 ----a-w- c:\windows\system32\ir32_32.dll

2010-07-29 06:30 . 2010-08-11 12:05 82944 ----a-w- c:\windows\system32\iccvid.dll

2010-07-27 21:38 . 2010-07-27 21:37 -------- d-----w- c:\program files\Digipix D-Book

2010-07-27 21:32 . 2010-07-27 21:32 -------- d-----w- c:\program files\DigiPix

2010-07-21 15:21 . 2010-07-21 15:21 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf

2010-07-20 17:15 . 2010-07-20 16:31 -------- d-----w- c:\users\Alison\AppData\Roaming\U3

2010-07-19 23:09 . 2010-07-19 23:09 -------- d-----w- c:\users\Alison\AppData\Roaming\EleFun Games

2010-07-19 22:39 . 2010-07-19 22:39 -------- d-----w- c:\users\Lucas\AppData\Roaming\EleFun Games

2010-07-15 18:44 . 2010-07-15 18:44 -------- d-----w- c:\users\Alison\AppData\Roaming\Apple Computer

2010-07-10 16:05 . 2010-07-10 16:05 -------- d-----w- c:\program files\WinPcap

2010-07-10 16:04 . 2010-07-10 16:04 -------- d-----w- c:\program files\DsNET Corp

2010-06-30 06:25 . 2010-08-11 12:05 978432 ----a-w- c:\windows\system32\wininet.dll

2010-06-28 20:57 . 2010-05-11 01:10 165032 ----a-w- c:\windows\system32\aswBoot.exe

2010-06-28 20:37 . 2010-05-11 01:10 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-06-28 20:37 . 2010-05-11 01:10 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-06-28 20:33 . 2010-05-11 01:10 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-06-28 20:32 . 2010-05-11 01:10 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2010-06-28 20:32 . 2010-05-11 01:10 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-06-22 02:47 . 2010-08-11 12:05 310784 ----a-w- c:\windows\system32\drivers\srv.sys

2010-06-22 02:47 . 2010-08-11 12:05 307200 ----a-w- c:\windows\system32\drivers\srv2.sys

2010-06-22 02:47 . 2010-08-11 12:05 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys

2010-06-19 06:33 . 2010-08-11 12:05 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe

2010-06-19 06:33 . 2010-08-11 12:05 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe

2010-06-19 06:23 . 2010-08-11 12:05 37376 ----a-w- c:\windows\system32\rtutils.dll

2010-06-14 15:08 . 2010-07-23 23:00 545280 ----a-w- c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\03pus5y3.default\extensions\piclens@cooliris.com\libs\PicLensHelper.exe

2010-06-14 15:08 . 2010-07-23 23:00 4687360 ----a-w- c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\03pus5y3.default\extensions\piclens@cooliris.com\libs\cooliris192.dll

2010-06-14 15:08 . 2010-07-23 23:00 425984 ----a-w- c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\03pus5y3.default\extensions\piclens@cooliris.com\libs\LaunchCooliris.exe

2010-06-14 15:08 . 2010-07-23 23:00 152064 ----a-w- c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\03pus5y3.default\extensions\piclens@cooliris.com\plugins\npcoolirisplugin.dll

2010-06-14 15:08 . 2010-07-23 23:00 103424 ----a-w- c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\03pus5y3.default\extensions\piclens@cooliris.com\libs\pixomatic.dll

2010-06-14 15:08 . 2010-07-23 23:00 57856 ----a-w- c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\03pus5y3.default\extensions\piclens@cooliris.com\components\coolirisstub.dll

2010-06-14 15:08 . 2010-07-23 23:00 4687872 ----a-w- c:\users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\03pus5y3.default\extensions\piclens@cooliris.com\libs\cooliris190.dll

2010-06-14 06:12 . 2010-08-11 12:05 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-06-01 22:49 . 2010-06-01 22:49 774144 ----a-w- c:\program files\RngInterstitial.dll

2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat

2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

.

------- Sigcheck -------

[-] 2010-08-21 . 7BD7F45FF37FA0669CD32CA0EF46E22C . 811520 . . [6.1.7600.16385] . . c:\windows\System32\user32.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ares"="c:\program files\Ares\Ares.exe" [2010-02-08 1015808]

"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-06-28 2837864]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-06-01 202256]

"fssui"="c:\program files\Windows Live\Family Safety\fsui.exe" [2010-04-28 647528]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Application.lnk - c:\program files\WinApplication\WinApplication.exe [2010-6-5 231936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avgnt

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\fssui]

2010-04-28 10:44 647528 ----a-w- c:\program files\Windows Live\Family Safety\fsui.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]

2010-04-17 01:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2010-03-18 00:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 136176]

R2 parvwxydfsijos;parvwxydfsijos;c:\windows\system32\yeearmdc.exe [x]

R2 scpVista;scpVista;c:\program files\Scpad\scpVista.exe [2009-07-10 136496]

R3 NitroPCSrv;NitroPC Service; [x]

R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]

S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [2008-06-05 43792]

S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2010-08-27 64288]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]

S2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2010-01-06 142648]

S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2010-08-27 1352832]

S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-11-16 50704]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

.

Conteúdo da pasta 'Tarefas Agendadas'

2010-09-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-05 23:37]

2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 00:11]

2010-09-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 00:11]

2010-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4262322605-869973698-12785198-1000Core.job

- c:\users\Lucas\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-05 15:42]

2010-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4262322605-869973698-12785198-1000UA.job

- c:\users\Lucas\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-05 15:42]

2010-07-22 c:\windows\Tasks\Install.job

- c:\windows\System32\Macromed\Shockwave 10\nssstub.exe [2010-07-17 14:27]

2010-09-06 c:\windows\Tasks\Norton Security Scan for Adm.job

- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-08-28 03:51]

.

------- Scan Suplementar -------

.

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

TCP: {3E5BE4A8-ABCE-4F45-BF8C-9A5112890D2A} = 200.204.0.10 200.204.0.138

FF - ProfilePath -

---- FIREFOX POLICIES ----

c:\program files\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

c:\program files\Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

- - - - ORFÃOS REMOVIDOS - - - -

AddRemove-E.M. PowerPoint Video Converter_is1 - d:\temp\E.M. PowerPoint Video Converter\unins000.exe

AddRemove-Jigsaw Puzzle Mania_is1 - d:\temp\unins001.exe

AddRemove-Leonardo Da Vinci Free Puzzle Game_is1 - d:\temp\Leonardo Da Vinci Free Puzzle Game\unins000.exe

AddRemove-MagicJigsaw_is1 - d:\temp\unins000.exe

AddRemove-MV RegClean 5.9_is1 - d:\temp\MV RegClean 5.9\unins000.exe

AddRemove-My Lockbox_is1 - d:\temp\My Lockbox\unins000.exe

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_USERS\S-1-5-21-4262322605-869973698-12785198-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1D09382B-CA62-8BE0-7628-7D765E699E41}*]

"jagfkpcblmdadgaehckm"=hex:62,61,64,6d,00,00

"iagghggbfeelhilbnj"=hex:6b,61,6c,6d,68,66,6c,6f,70,68,70,70,66,6b,70,61,6d,6d,

69,6d,64,66,00,03

"jagfkpcblmdadgaehcod"=hex:62,61,6b,6d,00,00

"haaabfbpmgjinlpn"=hex:6b,61,6c,6d,68,66,6c,6f,70,68,70,70,66,6b,6b,64,6f,6d,

69,6d,6c,6f,00,03

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'lsass.exe'(536)

c:\program files\Scpad\scpLIB.dll

c:\program files\Scpad\scpMIB.dll

c:\program files\Scpad\sshib.dll

.

Tempo para conclusão: 2010-09-06 20:19:57

ComboFix-quarantined-files.txt 2010-09-06 23:19

Pré-execução: 11.272.704.000 bytes disponíveis

Pós execução: 11.315.175.424 bytes disponíveis

- - End Of File - - 831951DD9522F1D048D70894D2634B63

wings · Setembro 7, 2010

*Abra o bloco de notas e cole nele o código abaixo:

File::
C:\cleanup.bat

Driver::

parvwxydfsijos

*Salve o arquivo no desktop como CFScript.txt

*Arraste o arquivo para o Combofix conforme ilustração abaixo:

*Importante: enquanto o combofix estiver em execução, evite usar o mouse e o teclado!!..para interromper o processo tecle N ou 2.

*Cole o relatório C:\combofix.txt

Informe também como está o PC.

Caso ainda persista...

*No Firefox, clique em [Ferramentas] > [Opções]

*Na aba "Privacidade" clique em [Limpar todo o histórico atual]

*Na aba "Avançado" clique em [Rede] > [Limpar cache agora]

Informe.

Lucas F. dos Santos · Setembro 7, 2010

Acho que resolveu a pagina não esta aparecendo.

muito obrigado!!!

Se voltar aparecer posso usar o mesmo tópico?

só uma duvida.

o que é "cleanup.bat"

ComboFix 10-09-06.03 - Adm 07/09/2010 19:20:21.3.2 - x86

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.55.1046.18.960.509 [GMT -3:00]

Executando de: c:\users\Lucas\Desktop\ComboFix.exe

Comandos utilizados :: c:\users\Lucas\Desktop\CFScript.txt

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

FILE ::

"C:\cleanup.bat"

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

C:\cleanup.bat

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

-------\Service_parvwxydfsijos

(((((((((((((((( Arquivos/Ficheiros criados de 2010-08-07 to 2010-09-07 ))))))))))))))))))))))))))))

.

2010-09-07 22:51 . 2010-09-07 22:51 -------- d-----w- C:\Device

2010-09-07 22:33 . 2010-09-07 22:54 -------- d-----w- c:\users\Adm\AppData\Local\temp

2010-09-07 22:33 . 2010-09-07 22:54 -------- d-----w- c:\users\Lucas\AppData\Local\temp

2010-09-07 22:33 . 2010-09-07 22:33 -------- d-----w- c:\users\TEMP\AppData\Local\temp

2010-09-07 22:33 . 2010-09-07 22:33 -------- d-----w- c:\users\TEMP.Lucas-PC\AppData\Local\temp

2010-09-07 22:33 . 2010-09-07 22:33 -------- d-----w- c:\users\TEMP.Lucas-PC.002\AppData\Local\temp

2010-09-07 22:33 . 2010-09-07 22:33 -------- d-----w- c:\users\TEMP.Lucas-PC.001\AppData\Local\temp

2010-09-07 22:33 . 2010-09-07 22:33 -------- d-----w- c:\users\TEMP.Lucas-PC.000\AppData\Local\temp

2010-09-07 22:33 . 2010-09-07 22:33 -------- d-----w- c:\users\Public\AppData\Local\temp

2010-09-07 22:33 . 2010-09-07 22:33 -------- d-----w- c:\users\Default\AppData\Local\temp

2010-09-07 22:33 . 2010-09-07 22:33 -------- d-----w- c:\users\Alison\AppData\Local\temp

2010-09-07 22:33 . 2010-09-07 22:33 -------- d-----w- c:\users\Aline_2\AppData\Local\temp

2010-09-07 22:33 . 2010-09-07 22:33 -------- d-----w- c:\users\Aline\AppData\Local\temp